Skip Ribbon Commands
Skip to main content

Cybersecurity Awareness – The First Line of Defense​

​​​​​​​​​​​​By Charlotte Gjellerup Rydicher​, Principal Consultant at NNIT​​

Of all factors within our organisations and systems, our people are most likely to expose us to risk. We need to change the way we approach the human security risk factor, to protect our people in order to protect our organisation, through cybersecurity awareness. But what exactly is ‘cybersecurity awareness’ and why is it so important?

The world is changing​

​Organizations today are faced with seri​ous IT security challenges in the face of an alarming rise in cyber threats. In response, organizations mostly rely on cybersecurity procedures and technology to protect their organization and systems. There is surprisingly little focus on how to enhance this protection through employees’ behavior.

As Todd Thibodeaux, president and CEO, CompTIA (1) points out, “We can’t expect employees to act securely without providing them with the knowledge and resources to do so. Employees are the first line of defense, so it's imperative that organizations make it a priority to train all employees on cybersecurity best practices.”​​​


Why is cybersecurity awareness so important?

Security awareness is essential to creating a long-lasting security culture, where employees not only understand, but also act according to good security practices and where security conscious behaviour is a natural and integrated part of the working day.

Building a security culture within an organisation is a long term, sustained effort which requires ‘Reminding’, ‘Repeating’ and ‘Rewarding’ employees. The effort must be clearly supported and led by management. According to Todd Thibodeaux, “Companies cannot treat cybersecurity training as a one and done activity. It needs to be an ongoing initiative that stretches to all employees across the organization.”

Only by being ‘reminded’, practicing through ‘repeating’ and being ‘rewarded’ will employees learn to understand the cybersecurity challenges faced by the business and the important role they themselves play in protecting their organization from potential threats. Employees must gain specific (relevant to their role in the organization) awareness of what may seem to be an innocent action, may in fact open the door to the very real threat of becoming the victim of a cybercriminal. Seemingly innocent actions could include clicking on links, opening email attachments from an unknown sender, sending confidential information in plain email text instead of using encryption, sharing a password with a colleague over the phone, or charging a non-company mobile phone via an USB plug in a company PC.

This caution must become a standard mode of operation for employees without impacting customer friendliness or their collaborative attitude towards partners or colleagues. Rather, this cautious attitude should enhance the organizational image as a trustworthy partner for electronic communication and safe haven for the sensitive data of its business partners.​

Benefits of applying awareness to your security initiative​

By understanding the importance of, and investing in, cybersecurity awareness as part of your security initiative, your employees become an active part of the journey and solution. The awareness will:

  • make security tangible and r​elevant to employees in their daily work

  • ensure that the security maturity level is gradually increased

  • ​ensure that leadership on all levels understand the important role they play in showing clear support, involvement in – and adherence to the initiative

  • ​​lay the foundation for a lasting security culture, anchored in the core values and strategy of your organization.​

What can you do to lay the foundation for a security mind-set?

Changing the mind-set to establish an IT security culture is a long term effort and can be difficult to execute - hence it is often not prioritised in the company strategy. However, some concrete actions you can take to ensure success in your cybersecurity awareness initiative are:

  • ​identify and engage relevant stakeholders early in security initiatives

  • conduct impact assessments to address all angles that the IT security initiative affects in your organization

  • define KPIs on short and long term for security maturity and baseline current level

  • design and implement a security awareness campaign, containing a:

  • specific Communication, Engagement and Training approach

  • training execution targeting relevant audience groups

  • ​measurement approach for long term sustainment to support the KPIs.

In NNIT we believe that employee behavior and actions are strong elements of a successful security initiative.​


​1: CompTIA (Computing Technology Industry Association) is non-profit trade association and policy advocacy group for the IT industry.

About NNIT Security Insights​​

This is an article from NNIT Security Insights, a regular column where prominent NNIT IT security advisors share their thoughts on current and future IT security challenges and how to deal with them.

NNIT has its own Cyber Defense Center (CDC). If lightning strikes, we have the necessary competencies in-house to respond and assist. We have also developed a range of services that can help businesses to achieve the right level of security protection to protect the business from financial and reputational damage. ​​

You are welcome to contact us at if you want to know more about how NNIT can help your business increase its information security level.​




Helge Skov Djernes+45 3075 8868 hfsd@nnit.comInformation Security Management Consultant Skov Djernes



NNIT Security Insights Security Insights
Risky Business? Business?
​Ransomware 101​Ransomware 101
Cybersecurity Awareness – The First Line of Defense​ Awareness – The First Line of Defense​
The Fine Art of Aligning Business Strategy and Information Security Strategy Fine Art of Aligning Business Strategy and Information Security Strategy
​Privacy – why it is worth fighting for​Privacy – why it is worth fighting for
​The C.I.A. of application security!​The C.I.A. of application security!
Migrate to Cloud Services without Jeopardizing Security and Compliance to Cloud Services without Jeopardizing Security and Compliance
​​​Building a sustainable defence: How to secure your operational technology (OT) environment​​​​Building a sustainable defence: How to secure your operational technology (OT) environment​
How to Keep Industrial Computer Systems (ICS/SCADA) Running in an Age of Cybercrime? to Keep Industrial Computer Systems (ICS/SCADA) Running in an Age of Cybercrime?